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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- if NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

I Responsive to communication(s) filed on 06 June 2005 . 

2a)D This action is FINAL. 2b)K This action is non-final. 

3) Q Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-26 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 7-26 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)Q accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

I I )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)Q Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1. Claims 1-26 are pending. 

2. Claims 1-6 are allowable. 

Response to Arguments 

2. Applicant arguments have successfully overcome the previous rejection under 35 
USC 1 12. Applicants previous response indicate in the prosecution record that the term 
"enrollment applet" is to specifically refer to a request to register a user for the first time. 
(Page 12, last paragraph - page 13, first paragraph) The Examiner will interpret the 
recitation by the definition as given by Applicant. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 7-26 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Holloway, US patent 6224718. 

In reference to claim 7: 
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Holloway(Column 7, line 45 - Column 9, line 65) discloses a method of providing and 
authenticating secret data over a network, the network comprising a user device, a first 
server, a second server, and a host application, comprising: 

• Establishing a first secure connection between the user device and the first server 
in response to an enrollment request from a user; (Column 7, lines 45-60) 

• Sending encrypted enrollment information from the host application to the first 
server. (Column 8, lines 15-34) & (Column 9, lines 55-65) 

• Decrypting the enrollment information at the first server. (Column 8, lines 30-35) 
& (Column 4, lines 50-55) 

• Sending an enrollment applet and a unique identifier from the first server to the 
user device, the unique identifier identifies the user device; (Column 7, lines 45- 
60) 

• Establishing a second secure connection between the user device and the second 
server, encrypting an access code using the enrollment applet. (Column 8, lines 
55-67) 

• Linking the encrypted access code with the unique identifier and thereafter 
sending the linked encrypted access code and the unique identifier to the second 
server. (Column 9, lines 1-10) & (Column 8, lines 33-55) 

• Encrypting the linked data at the second server and thereafter sending the 
encrypted linked data to the host application. (Column 9, lines 10-25) 

• Verifying the unique identifier at the host application and thereafter creating 
authentication data (col 7, 61-67) & (col 9, 55-67) & (col 9, 1-10) 

• Encrypting the authentication data with the access code, (col 8, lines 15-30) 
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• Sending the encrypted authentication data and access code from the host 
application to the second server (Column 8, line 53-67) 

• Sending the encrypted authentication data and access code from the second server 
to the enrollment applet using the second secure connection; (Column 8, line 53- 
67) 

• Storing the encrypted authentication data and access code in the enrollment 
applet. (Column 7, lines 45-60) & (col 8, lines 15-30, 60-67) 

Minor differences in Holloway with the invention exist. Holloway doesn't explicitly 
state the encrypted authentication data and access code in the applet are stored together. 
Nevertheless, this is implied because the user enters the authentication data through the 
applet, which means the applet must at least store the data as variables to be later 
transmitted to the server. 

No explicit decryption process is mentioned at the first server, but Holloway mentions a 
process of validation. It is officially noted that it is commonly known in the art that 
validation of encrypted data involves a decryption process to check the contents of the 
encrypted data. 

It would have been obvious to one of ordinary skill in the art to validate encrypted data 
using a decryption process in order to effective check whether the data is what it is 
purported to be. 
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Claim 14, 18 are rejected for the same reasons as claim 7. 
In reference to claim 1 1 : 

Holloway (col 7, 60-67) & (col 8, 15-30) discloses encrypting and sending an enrollment 
applet, a public key, a serial number and an account number from the host to the first 
server, and decrypting the enrollment applet, a public key, a serial number and an account 
number at the first server. 

In reference to claim 15: 

Holloway discloses the method of claim 14, wherein storing the encrypted authentication 
data and access code includes storing at least a portion of the authentication data and the 
access code in the enrollment applet. (Column 8 ,lines 60-67) 

In reference to claim 19: 

Holloway discloses the system of claim 18, wherein the first and second secure 
connections are SSL connections. (Column 7, lines 62-67) & (Column 7, lines 40-46) 

In reference to claim 20: 

Holloway discloses the system of claim 18, wherein the enrollment applet establishes the 
second secure connection in response to a user entering enrollment information. 



In reference to claim 21: 
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Holloway (Column 7, lines 45-60) and (Column 8, lines 15-50) et seq. discloses the 
system of claim 18, further comprising a plurality of hardware service module, one each 
coupled to the first server, the second server and the host application (Column 9, lines 55- 
65), for performing cryptography, where the performing of cryptography is the 
encryption process. 

In reference to claims 22 & 23: 

Holloway fails to disclose the system of claim 18, wherein the user device comprises a 
personal digital assistant or a personal computer. 

Holloway discloses that client "1 10" is used by the user to access the server system, 
(column 7, lines 48-50) 

The Examiner takes official notice that the use of personal digital assistant or personal 
computers as clients was well known at the time of invention. For example, a user 
accessing stock information with a PDA or a user surfing the internet on a home 
computer are examples in which the PDA and personal computers act as clients. 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
access the server using a PDA or computers, because such "clients" are readily available 
on the market and accessible to be sold to people to allow them access to the Internet. 



In reference to claim 24: 



Application/Control Number: 09/942,072 Page 7 

Art Unit: 2134 

Holloway discloses (Column 8, lines 15-25) the system of claim 18, wherein at least a 
portion of the enrollment applet is stored on a smart card device, wherein the smart card 
may be used to access an account from at least one remote location. 

In reference to claim 25: 

Holloway fails to explicitly disclose the system of claim 18, wherein the access code is a 
personal identification number (PIN). 

The Examiner takes official notice that usage of a PIN as an access code was well known 
at the time of invention. The advantage of a PIN number of course is lightweight, easy to 
remember passcode which may be used to authenticate a user. PIN numbers are widely 
used as passcodes in computer systems and ATMs. 

It would have been obvious to one of ordinary skill in the art to use a PIN in order to 
authenticate the user with a simple mechanism that doesn't overburden the memory of 
the user. 

In reference to claim 26: 

Holloway discloses the system of claim 18, wherein the access code is a password, where 
the password is a pass-phrase. (Column 47-60) 

Claim 8 is rejected for the same reasons as claim 25. 
Claim 9 is rejected for the same reasons as claim 26. 



Application/Control Number: 09/942,072 
Art Unit: 2134 



Page 8 



Claim 10 is rejected for the same reasons as claim 15. 



Claim 16, 12 are rejected for the same reasons as claim 22. 



Claim 17, 13 are rejected for the same reasons as claims 22 and 24. 



Conclusion 



5. Any inquiry concerning this communication from the examiner should be directed 
to Thomas M Ho whose telephone number is (571)272-3835. The examiner can normally 
be reached on M-F from 9:30 AM - 6:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

supervisor, Gregory A. Morse can be reached on (571)272-3838. 

The Examiner may also be reached through email through Thomas.Ho6@uspto.gov 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (571)272-2100. 

General Information/Receptionist Telephone: 571-272-2100 Fax: 703-872-9306 
Customer Service Representative Telephone: 571-272-2100 Fax: 703-872-9306 



August 20 tn , 2005 



TMH 
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SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



